Sudosev is creating malware analysis lectures

6 patrons

Whoami
Some of you may know me from Twitter but I will assume that nobody here knows me.  I'm a final year computer & network security student at Staffordshire University with an undying passion for information security and more specifically, malware research & threat intelligence.  In 2016, I really threw myself in at the deep end in the community and spoke at a conference as well as guest authored blog posts, all while studying for my degree and posting anything interesting I found in my spare time on Twitter.  Anybody that truly knows me will know that my passion and drive for information security is unstoppable.  That being said, I also enjoy teaching and I hope that my motivation can fuel some beginners to help ignite their love for information security and the dissection of malware.

Why Patreon?
Several services exist for offering teaching at a low cost but due to financial constraints and time constraints, it's proving difficult to find the time to build a course in full to then push out to those that want to purchase the course.  Instead, I have opted for what we have here.  Any previous or current student will know that the financial situation as a student is diabolical.  I've reached the depths of my cash pool at this point so here I am attempting to source some income while simultaneously teaching people the skills that they frequently ask me for in direct messages on Twitter.  While I am open to answering random questions, a structured course with in-depth explanation and demonstrations is much better.  Not only that but by doing this, I can dedicate time to the course whereas direct messages are answered on the fly and answer quality may vary depending on how rushed I am at the time.

Essentially, money gained through Patreon is going to reduce my stress levels majorly and keep me fed while I write the content for this course and finish up my degree.  I'll also make sure that I dedicate some of the course writing time to speaking with Patreons as long as the numbers don't grow to a ridiculous amount.  For example, speaking to 2-3 Patreons is no issue but trying to speak to 100-200 people in a 3-4 hour allocated slot is going to be damn difficult.

Amanda Rousseau (@malwareunicorn) will be reviewing course content before publishing to ensure the quality is of a high standard.

The following areas are in the context of malware activity. Some knowledge is already assumed.

Networking & security technologies
- IP addresses and subnetting (IPv4, VLSM)
- Routing & switching basics
- How data/packets move through a network
- ICMP
- TCP and UDP
- DNS
- Firewalls/ACLs
- IDS/IPS
- Denial of service attacks
- DoS mitigation
- Network security topologies & architecture
- OSI model in-depth and how each layer correlates to malware investigations
- Command and control servers
- Common network indicators for malicious activity
- Abusing DNS and ICMP for malicious traffic
- C2 traffic (HTTP/DNS/ICMP)

Introduction to malware analysis
- What is malware?
- Malware broken into sub-categories
- What is gained from malware analysis?
- High level overview: malware techniques
- Packers
- Analysis Methodology
- Lab safety
- Lab environment (virtualization)

Tools (full walk-through)
- Wireshark (customize appearance, filters, follow streams, file carving)
- NetworkMiner
- PeStudio
- RegShot
- ProcessExplorer
- ProcessMonitor
- FakeNet
- Resource Hacker
- HxD
- IDA
- x64dbg
- API Monitor
- Yara
- XORSearch

Static Malware Analysis
- What exactly are you looking for?
- Why are you doing this?
- Once you have analyzed the malware specimen, what do you plan to do with the information extracted from your analysis session?
- What is your end goal?
- File appearance
- Reading and understanding histograms & entropy
- Identifying packing
- Unpacking (may require manual unpacking)
- Strings
- Sections
- Imports
- Threat intel for additional clues
- Preparing for dynamic analysis

Dynamic Malware Analysis
- Translate static findings into expected dynamic behavior
- Determine what artifacts you should be looking for post-execution
- Understand each step of the malware execution
- Learn common and uncommon techniques used by malware authors during execution
- Identify system and file changes
- Identify persistence
- Analyze network traffic sourcing from the malware
- Compile a list of indicators of compromise
- Correlate behavior with static findings

Manual reverse engineering
- CPU architectures
- Memory management
- ASLR
- Stack operations
- Basic ASM instructions
- Flags
- Functions
- If/Else
- Jump instructions (conditional)
- Identifying loops
- Opcodes
- Example walk-through
- IDA & x64dbg examples
- Anti-Debugging techniques
- Anti-Virtualization techniques
- Identifying the disabling of security services
- Process injection
- DLL Hijacking
- Manual binary patching via opcodes & hex editor

I'm open to questions about this Patreon; just throw me a DM @sudosev and I'll answer you as soon as possible.
Tiers
Show your support
$5 or more per creation (sold out!)
Show your support and reduce those awful stress levels for a student that is writing malware analysis classes for Windows.  Patreons will receive frequent updates on the project and may be able to review parts of the project nearer to completion.